[Nix-dev] The X unix socket

Lluís Batlle viriketo at gmail.com
Thu Mar 11 20:06:15 CET 2010


I'm not against X running as root. I'm against its unix socket having
permissions 777.

2010/3/11 Tony White <tonywhite100 at googlemail.com>:
> On 11 March 2010 07:56, Lluís Batlle <viriketo at gmail.com> wrote:
>> I tried, and any other users in my nixos can spawn windows in my
>> server, only setting DISPLAY=:0.
>>
>> Maybe we have something wrong for xauth, the magic auth string, or
>> things like that?
>>
>> Regards,
>> Lluís.
>>
>> 2010/3/11 Steve Roggenkamp <roggenkamps at acm.org>:
>>> This is the same as my Debian installation.
>>>
>>> This is actually a UNIX socket the X Windows server uses for interprocess
>>> communication.  The socket is owned by the X windows server which runs as
>>> root since it has to control the display device.  The permissions allow an
>>> arbitrary client to connect with the X Windows server.
>>>
>>> I think this is how all Linux have X Windows configured, or at least my
>>> Debian and Ubuntu installations.
>>>
>>> I'm thinking you would have to change the Xorg code to change the
>>> permissions since this socket gets opened when the Xorg server starts.  Then
>>> I suppose you could create a group that would be allowed to communicate with
>>> the socket.  I've not done that much coding with UNIX sockets, so I'd have
>>> to do some research to know whether this would even be feasible.
>>>
>>> Hope this makes sense.
>>>
>>> Steve
>>>
>>> Lluís Batlle wrote:
>>>
>>> Hello,
>>>
>>> using kdm, I found this:
>>> $ ls -l /tmp/.X11-unix/X0
>>> srwxrwxrwx 1 root root 0  7 mar 21:51 /tmp/.X11-unix/X0
>>>
>>> I don't like those permissions much. Can anyone suggest a better way
>>> to handle that in nixos? Why does it have permissions 777 and ownership
>>> root?
>>>
>>> Regards,
>>> Lluís.
>>> _______________________________________________
>>> nix-dev mailing list
>>> nix-dev at cs.uu.nl
>>> https://mail.cs.uu.nl/mailman/listinfo/nix-dev
>>>
>>
>
> Hi all,
> Rootless X is possible but your prerequisite is a KMS-capable driver:
> http://lists.x.org/archives/xorg-devel/2009-July/001293.html
> So it wouldn't work for everyone at this time.
>
> Thanks,
> Tony
>
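
A way to audit what this thread is discussing, as an added example that is not part of the original messages: the script lists the sockets under /tmp/.X11-unix and reports who the file mode lets connect, covering both the 777 case from the `ls -l` output and the group-restricted setup suggested in the thread. It assumes Linux, where connecting to a Unix socket requires write permission on the socket file; the function names are made up for this example, and it says nothing about server-side access control such as xauth.

```python
import os
import stat

X11_SOCKET_DIR = "/tmp/.X11-unix"  # directory from the ls -l output in the thread


def connect_scope(mode):
    """Who may connect() to a socket with this mode.

    Assumption: Linux semantics, where connect() needs write permission
    on the socket file itself.
    """
    if mode & stat.S_IWOTH:
        return "world"
    if mode & stat.S_IWGRP:
        return "group"
    return "owner"


def audit_x_sockets(directory=X11_SOCKET_DIR):
    """Return (path, ls-style mode, uid, gid, scope) for every socket found."""
    findings = []
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        st = os.lstat(path)  # lstat: do not follow a symlink planted in the dir
        if not stat.S_ISSOCK(st.st_mode):
            continue  # ignore anything that is not a socket
        findings.append((path, stat.filemode(st.st_mode),
                         st.st_uid, st.st_gid, connect_scope(st.st_mode)))
    return findings


if __name__ == "__main__":
    if not os.path.isdir(X11_SOCKET_DIR):
        print(f"{X11_SOCKET_DIR} not present, nothing to audit")
    else:
        for path, mode, uid, gid, scope in audit_x_sockets():
            flag = "WARN" if scope == "world" else "ok"
            print(f"[{flag}] {mode} uid={uid} gid={gid} {path} "
                  f"(connectable by: {scope})")
```

A "world" result only means the file mode does not restrict connections; whether a connected client is then accepted is decided by the X server's own access control.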


